tsamsoniw writes: "Mere days after Oracle rolled out a fix for the latest Java zero-day vulnerabilities, an admin for an Underweb hacker forum put code for a purportedly new Java exploit up for sale for $5,000. Though unconfirmed, it's certainly plausible that the latest Java patch didn't do the job, based on an analysis by the OpenJDK community. Maybe it's high time for Oracle to fix Java to better protect both its enterprise customers and the millions of home users it picked up when it acquired Sun."

As a long time user and proponent of Java, I'm getting tired of waiting for Oracle to get its act together and do something to build a vibrant Java community that actually benefits Java users rather than just Oracle's bottom line. I suspect that many like me will soon give up on Oracle and move to greener pastures if they don't get their act together soon. The current situation with Java security only highlights that Java is rapidly heading down the road toward yet another dead language.

The thing is, in Java there is a greater likelihood of a marketing name as the library name and it is more likely to be treated as if it is actually an intrinsic part of the language rather than being just a library.

For example, there might be a C or C++ javascript interpreter in a library such as this [google.com], but when I tell somebody I know C/C++, nobody assumes that I am familiar with that library and certainly nobody feels a burning urge to bundle it as a standard library with their C compiler.